CrowdStrike Certified Falcon Administrator (CCFA) — Question 117
When creating a custom IOA for a specific domain, which syntax would be best for detecting or preventing on all subdomains as well?
Answer options
- A. .*\.baddomain\.xyz|baddomain\.xyz
- B. **baddomain\.xyz|baddomain\.xyz**
- C. .*baddomain\.xyz|baddomain\.xyz.*
- D. Custom IOA rules cannot be created for domains
Correct answer: A
Explanation
The correct answer is A because it uses the appropriate regular expression syntax to match all subdomains of baddomain.xyz. Option B is incorrect since it uses asterisks which are not valid in this context. Option C would match additional patterns that are not necessary, and D is wrong because custom IOA rules can indeed be created for domains.